Experimental Feature: Allow-CSP-From header

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
index c9dd09510cad457de3a815e15e8a6cca340ea468..1bac93999ae85d4e2494d426eefe1038806d9d8e 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
@@ -862,4 +862,45 @@ TEST_F(ContentSecurityPolicyTest, NonceMultiplePolicy) {
   }
 }
 
+TEST_F(ContentSecurityPolicyTest, ShouldEnforceEmbeddersPolicy) {
+  ResourceResponse response;
+  response.setURL(KURL(ParsedURLString, "about:blank"));
+  response.setHTTPHeaderField(HTTPNames::Allow_CSP_From,
+                              AtomicString("not a valid header"));
+  EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
+      response, secureOrigin.get()));
+
+  // Same origin automatically should accept required CSP.

[Mike West, 2016/10/17 14:54:28]

I think this test would be clearer if it didn't rely so much on each piece
building upon the piece before it. Really, it seems like the only thing that
differs is the URL of the resource we're loading. That is, perhaps something
like the following could be clearer:

```
struct TestCase {
  const char* resourceURL;
  const bool inherits;
} cases[] = {
  // Same-origin
  {"https://example.test/index.html", true},
  // Cross-origin
  {"http://example.test/index.html", false},
  {"http://example.test:8443/index.html", false},
  {"https://example.test:8443/index.html", false},
  {"http://not.example.test/index.html", false},
  {"https://not.example.test/index.html", false},
  {"https://not.example.test:8443/index.html", false},
  
  // Inherit
  {"about:blank", true},
  {"data:text/html,yay", true},
  {"blob:https://example.test/bbe708f3-defd-4852-93b6-cf94e032f08d", true},
  {"filesystem:http://example.test/temporary/index.html", true},
};

for (const auto& test : cases) {
  // Set up response with the URL and no header.

  // Make some assertions about `shouldEnforceEmbeddersPolicy`

  // Add a header of `*`
  // Assert.

  // Switch to an invalid header.
  // Assert.

  // Switch to a cross-origin header.
  // Assert.

  // Switch to a matching header.
  // Assert.
}
```

WDYT?

+  response.setURL(KURL(ParsedURLString, "https://example.test/index.html"));
+  EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
+      response, secureOrigin.get()));
+
+  // Protocols do not match.
+  response.setURL(KURL(ParsedURLString, "http://example.test/index.html"));
+  EXPECT_FALSE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
+      response, secureOrigin.get()));
+
+  // Different origin and invalid header.
+  response.setURL(KURL(ParsedURLString, "https://different.test/index.html"));
+  EXPECT_FALSE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
+      response, secureOrigin.get()));
+
+  // Different origin and valid header but not equal to the embedder origin.
+  response.setHTTPHeaderField(HTTPNames::Allow_CSP_From,
+                              AtomicString("http://example.test"));
+  EXPECT_FALSE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
+      response, secureOrigin.get()));
+
+  // Different origin and valid header.
+  response.setHTTPHeaderField(HTTPNames::Allow_CSP_From,
+                              AtomicString("https://example.test"));
+  EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
+      response, secureOrigin.get()));
+
+  // Star should enforce any embedder's policy.
+  response.setHTTPHeaderField(HTTPNames::Allow_CSP_From, AtomicString("*"));
+  EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(
+      response, secureOrigin.get()));
+}
+
 }  // namespace blink